Blob Blame History Raw
From 81a9e4f428e9a2305a2ea8c576dadde60fa5a381 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 20 Sep 2018 12:42:59 +0100
Subject: [PATCH] tools: Link OCaml programs with -runtime-variant _pic if
 available.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OCaml has a small runtime which is statically linked into the virt
tools (providing things like GC and primitives).  Since OCaml 4.03 it
has been possible to select variants of this runtime, one of which is
compiled with -fPIC, using ‘ocamlopt -runtime-variant _pic’.

This has performance implications on i686, but is relatively free on
other architectures.  Since it (in theory) adds to the security of the
final binary this commit enables it whenever it is available.

(cherry picked from commit 09abb9c990f6e07b3577088522b8ad9fb439a80e)
---
 .gitignore                        |  1 +
 configure.ac                      |  2 ++
 m4/guestfs-ocaml.m4               | 18 ++++++++++++++++++
 ocaml-link.sh => ocaml-link.sh.in |  8 +++++++-
 4 files changed, 28 insertions(+), 1 deletion(-)
 rename ocaml-link.sh => ocaml-link.sh.in (88%)

diff --git a/.gitignore b/.gitignore
index af80e36d1..89b8baa17 100644
--- a/.gitignore
+++ b/.gitignore
@@ -410,6 +410,7 @@ Makefile.in
 /make-fs/virt-make-fs.1
 /missing
 /ocaml-dep.sh
+/ocaml-link.sh
 /ocaml/bindtests.bc
 /ocaml/bindtests.opt
 /ocaml/bindtests.ml
diff --git a/configure.ac b/configure.ac
index 4da3bd021..6c38406bb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -198,6 +198,8 @@ AC_CONFIG_FILES([installcheck.sh],
                 [chmod +x,-w installcheck.sh])
 AC_CONFIG_FILES([ocaml-dep.sh],
                 [chmod +x,-w ocaml-dep.sh])
+AC_CONFIG_FILES([ocaml-link.sh],
+                [chmod +x,-w ocaml-link.sh])
 AC_CONFIG_FILES([p2v/virt-p2v-make-disk],
                 [chmod +x,-w p2v/virt-p2v-make-disk])
 AC_CONFIG_FILES([p2v/virt-p2v-make-kickstart],
diff --git a/m4/guestfs-ocaml.m4 b/m4/guestfs-ocaml.m4
index e08f40a02..fea11a334 100644
--- a/m4/guestfs-ocaml.m4
+++ b/m4/guestfs-ocaml.m4
@@ -59,6 +59,24 @@ AM_CONDITIONAL([HAVE_OCAMLOPT],
 AM_CONDITIONAL([HAVE_OCAMLDOC],
                [test "x$OCAMLDOC" != "xno"])
 
+dnl Check if ocamlc/ocamlopt -runtime-variant _pic works.  It was
+dnl added in OCaml >= 4.03, but in theory might be disabled by
+dnl downstream distros.
+OCAML_RUNTIME_VARIANT_PIC_OPTION=""
+if test "x$OCAMLC" != "xno"; then
+    AC_MSG_CHECKING([if OCaml ‘-runtime-variant _pic’ works])
+    rm -f conftest.ml contest
+    echo 'print_endline "hello world"' > conftest.ml
+    if $OCAMLC conftest.ml -runtime-variant _pic -o conftest >&5 2>&5 ; then
+        AC_MSG_RESULT([yes])
+        OCAML_RUNTIME_VARIANT_PIC_OPTION="-runtime-variant _pic"
+    else
+        AC_MSG_RESULT([no])
+    fi
+    rm -f conftest.ml contest
+fi
+AC_SUBST([OCAML_RUNTIME_VARIANT_PIC_OPTION])
+
 dnl Check if ocamldep has options -all and -one-line (not present in RHEL 6).
 AC_MSG_CHECKING([if ocamldep has the ‘-all’ option])
 if ocamldep -all >&AS_MESSAGE_LOG_FD 2>&1; then
diff --git a/ocaml-link.sh b/ocaml-link.sh.in
similarity index 88%
rename from ocaml-link.sh
rename to ocaml-link.sh.in
index 855637534..fbcc07951 100755
--- a/ocaml-link.sh
+++ b/ocaml-link.sh.in
@@ -1,4 +1,6 @@
 #!/bin/bash -
+# Script used to link OCaml programs.
+# @configure_input@
 # (C) Copyright 2015-2018 Red Hat Inc.
 #
 # This program is free software; you can redistribute it and/or modify
@@ -41,4 +43,8 @@ while true ; do
   esac
 done
 
-exec "$@" -linkpkg -cclib "${cclib}"
+# NB -cclib must come last.
+exec "$@" \
+     @OCAML_RUNTIME_VARIANT_PIC_OPTION@ \
+     -linkpkg \
+     -cclib "${cclib}"
-- 
2.21.0